package org.nhindirect.config.store;

import java.io.ByteArrayInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Enumeration;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Enumerated;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Lob;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.springframework.web.servlet.tags.BindTag;

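/**
 * JPA entity for one row of the {@code certificate} table: the raw certificate bytes plus
 * metadata derived from them (thumbprint, whether a private key is present).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #setData(byte[])} accepts either a PKCS#12 blob or an X.509 encoded certificate.
 *       PKCS#12 blobs are opened with an <em>empty</em> password for both the store and the key
 *       entry, so a stored private key is not protected by the blob itself; its confidentiality
 *       rests on access control to the database column and to {@link #getData()}.</li>
 *   <li>{@link #validate()} only checks that data is present. Nothing in this class checks the
 *       validity period, the issuer chain or revocation; callers must do that before trusting
 *       the certificate.</li>
 *   <li>{@code validStartDate} and {@code validEndDate} are plain caller-supplied fields; this
 *       class never derives them from the certificate.</li>
 *   <li>The JCE provider used to parse PKCS#12 data is named by the system property
 *       {@code org.nhindirect.config.JCEProviderName}, so any code able to set system properties
 *       chooses which provider handles the key material.</li>
 * </ul>
 */
@Table(name = "certificate")
@Entity
/* loaded from: input_file:WEB-INF/lib/config-store-1.1.jar:org/nhindirect/config/store/Certificate.class */
public class Certificate {
    private static final String DEFAULT_JCE_PROVIDER_STRING = "BC";
    private static final String JCE_PROVIDER_STRING_SYS_PARAM = "org.nhindirect.config.JCEProviderName";
    private static final Log log = LogFactory.getLog(Certificate.class);

    /** Sentinel meaning "no certificate data"; {@link #setData(byte[])} compares against it by identity. */
    public static final byte[] NULL_CERT = new byte[0];

    private String owner;
    private String thumbprint;
    private long id = 0;
    private byte[] data;
    private Calendar createTime;
    private Calendar validStartDate;
    private Calendar validEndDate;
    private EntityStatus status;
    private boolean privateKey;

    /* loaded from: input_file:WEB-INF/lib/config-store-1.1.jar:org/nhindirect/config/store/Certificate$CertContainer.class */
    /**
     * Immutable pair of a parsed certificate and, when the stored data was a PKCS#12 blob holding
     * one, its private key. {@link #getKey()} returns {@code null} for certificate-only data.
     */
    public static class CertContainer {
        private final X509Certificate cert;
        private final Key key;

        public CertContainer(X509Certificate x509Certificate, Key key) {
            this.cert = x509Certificate;
            this.key = key;
        }

        public X509Certificate getCert() {
            return this.cert;
        }

        /** Returns the private key, or {@code null}. Treat the result as secret material. */
        public Key getKey() {
            return this.key;
        }
    }

    /**
     * Returns the JCE provider name used for PKCS#12 parsing: the value of the
     * {@code org.nhindirect.config.JCEProviderName} system property, or {@code "BC"} when the
     * property is unset or empty.
     */
    public static String getJCEProviderName() {
        String property = System.getProperty(JCE_PROVIDER_STRING_SYS_PARAM);
        if (property == null || property.isEmpty()) {
            property = DEFAULT_JCE_PROVIDER_STRING;
        }
        return property;
    }

    /**
     * Sets the JCE provider name system property; {@code null} or empty resets it to {@code "BC"}.
     * This is JVM-wide state, not per-instance.
     */
    public static void setJCEProviderName(String str) {
        if (str == null || str.isEmpty()) {
            System.setProperty(JCE_PROVIDER_STRING_SYS_PARAM, DEFAULT_JCE_PROVIDER_STRING);
        } else {
            System.setProperty(JCE_PROVIDER_STRING_SYS_PARAM, str);
        }
    }

    @Column(name = "owner")
    public String getOwner() {
        return this.owner;
    }

    public void setOwner(String str) {
        this.owner = str;
    }

    /**
     * Returns the stored bytes. This is the internal array, not a copy, and for PKCS#12 data it
     * contains the private key under an empty password; do not log it or hand it to untrusted
     * code.
     */
    @Column(name = "certificateData", length = 4096)
    @Lob
    public byte[] getData() {
        return this.data;
    }

    /**
     * Stores the bytes and recomputes the thumbprint and private-key flag from them.
     *
     * @param bArr PKCS#12 or X.509 bytes, or {@link #NULL_CERT} to clear the entry
     * @throws CertificateException if the bytes cannot be parsed; the entry is then reset to
     *     {@link #NULL_CERT} with an empty thumbprint before the exception propagates
     */
    public void setData(byte[] bArr) throws CertificateException {
        this.data = bArr;
        if (bArr == NULL_CERT) {
            setThumbprint("");
        } else {
            loadCertFromData();
        }
    }

    @Column(name = "privateKey")
    public boolean isPrivateKey() {
        return this.privateKey;
    }

    /**
     * Sets the private-key flag directly. The flag is normally derived by
     * {@link #setData(byte[])}; calling this setter afterwards can leave it out of step with the
     * stored bytes, so do not use the flag alone for authorization decisions.
     */
    public void setPrivateKey(boolean z) throws CertificateException {
        this.privateKey = z;
    }

    private void setThumbprint(String str) {
        this.thumbprint = str;
    }

    @Column(name = "thumbprint")
    public String getThumbprint() {
        return this.thumbprint;
    }

    @Id
    @Column(name = "id", nullable = false)
    @GeneratedValue(strategy = GenerationType.AUTO)
    public long getId() {
        return this.id;
    }

    public void setId(long j) {
        this.id = j;
    }

    @Temporal(TemporalType.TIMESTAMP)
    @Column(name = "createTime")
    public Calendar getCreateTime() {
        return this.createTime;
    }

    public void setCreateTime(Calendar calendar) {
        this.createTime = calendar;
    }

    @Column(name = BindTag.STATUS_VARIABLE_NAME)
    @Enumerated
    public EntityStatus getStatus() {
        return this.status;
    }

    public void setStatus(EntityStatus entityStatus) {
        this.status = entityStatus;
    }

    @Temporal(TemporalType.TIMESTAMP)
    @Column(name = "validStartDate")
    public Calendar getValidStartDate() {
        return this.validStartDate;
    }

    public void setValidStartDate(Calendar calendar) {
        this.validStartDate = calendar;
    }

    @Temporal(TemporalType.TIMESTAMP)
    @Column(name = "validEndDate")
    public Calendar getValidEndDate() {
        return this.validEndDate;
    }

    public void setValidEndDate(Calendar calendar) {
        this.validEndDate = calendar;
    }

    /**
     * Checks only that certificate bytes are present. This is not a trust decision: expiry,
     * chain building and revocation are not examined here.
     *
     * @throws CertificateException if no data is stored
     */
    public void validate() throws CertificateException {
        if (!hasData()) {
            throw new CertificateException("Invalid Certificate: no certificate data exists");
        }
    }

    private boolean hasData() {
        // The original called data.equals(NULL_CERT), which on arrays is an identity comparison
        // and let a different zero-length array count as data. NULL_CERT is empty, so a length
        // check expresses the intended content comparison.
        return this.data != null && this.data.length > 0;
    }

    /** Resets the entry to {@link #NULL_CERT} and an empty thumbprint. */
    public void clearData() {
        try {
            setData(NULL_CERT);
        } catch (CertificateException e) {
            // Not expected on the NULL_CERT path; report through the class logger rather than stderr.
            log.error("Failed to clear certificate data", e);
        }
    }

    private void loadCertFromData() throws CertificateException {
        try {
            validate();
            CertContainer credential = toCredential();
            setThumbprint(Thumbprint.toThumbprint(credential.getCert()).toString());
            setPrivateKey(credential.getKey() != null);
        } catch (Exception e) {
            // Never keep bytes that could not be parsed; the stale privateKey flag is left as it
            // was, matching the original behaviour.
            setData(NULL_CERT);
            throw new CertificateException("Data cannot be converted to a valid X.509 Certificate", e);
        }
    }

    /**
     * Parses the stored bytes into a certificate and optional private key.
     *
     * <p>The bytes are first tried as an empty-password PKCS#12 store; only the first alias is
     * inspected, and it is used only when it yields a {@link PrivateKey}. Otherwise the bytes are
     * parsed as a single X.509 certificate and the returned key is {@code null}.
     *
     * @return the parsed credential, never {@code null}
     * @throws CertificateException if no data is stored or neither format parses
     */
    public CertContainer toCredential() throws CertificateException {
        try {
            validate();
            CertContainer container = loadPkcs12Credential();
            if (container == null) {
                X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509")
                        .generateCertificate(new ByteArrayInputStream(this.data));
                container = new CertContainer(certificate, null);
            }
            return container;
        } catch (Exception e) {
            throw new CertificateException("Data cannot be converted to a valid X.509 Certificate", e);
        }
    }

    /** Returns the first PKCS#12 entry that carries a private key, or {@code null} if there is none. */
    private CertContainer loadPkcs12Credential() {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12", getJCEProviderName());
            // Empty store password: see the class comment on what that means for key protection.
            keyStore.load(new ByteArrayInputStream(this.data), "".toCharArray());
            Enumeration<String> aliases = keyStore.aliases();
            if (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
                Key key = keyStore.getKey(alias, "".toCharArray());
                if (key instanceof PrivateKey) {
                    return new CertContainer(certificate, key);
                }
            }
        } catch (Exception e) {
            // Expected for plain X.509 input; the caller falls back to CertificateFactory.
            // Log the parser error only, never the bytes themselves.
            log.debug("Certificate data is not a readable PKCS12 store, trying X.509", e);
        }
        return null;
    }

    static {
        // Makes the default "BC" provider name resolvable as soon as this class is loaded.
        Security.addProvider(new BouncyCastleProvider());
    }
}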
